The solution of the error “Permission denied: .htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable”

I noticed somehow the following error:

[Mon Sep 05 10:24:38 2016] [crit] [client 192.168.1.1] (13)Permission denied: /home/user/public_html/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable

Before the error occurred, I moved the files through sudo (from the root user) and to return the rights I executed the command:

sudo chown user:user -R /home/user/public_html

Which changed the owner to the one specified in all the subfolders and files, but the other directory should have been specified to the public_html directory (not its contents), because of which apache2 wrote that access was denied. Therefore, if you point to the public_html of the user and the group from which apache2 is running, the error disappears.
It can also be helped by specifying permissions 777 on this folder, it will give full access to all users (but this option is better not to use for security purposes).

How to restore the standard mac-addresses of MikroTik interfaces

Recently, I had to copy the settings of one MikroTik router to another one and after I saved the settings to a file and populated them on the second, I noticed that mac addresses were also copied.

Therefore, we had to reset them to standard ones.
First, let’s see what the interface numbers are (I have ether1 for 0, ether2 for 1, etc.):

interface ethernet print

And reset their mac-addresses:

interface ethernet reset-mac-address 0
interface ethernet reset-mac-address 1
interface ethernet reset-mac-address 2
interface ethernet reset-mac-address 3
interface ethernet reset-mac-address 4

If you need to reset the mac of the wireless interface, then save the wireless settings to the file:

interface wireless export file wifibackup

Look at the wireless interfaces (I have one at number 0):

interface wireless print

Reset all settings including the mac address:

interface wireless reset-configuration 0

Restore the settings from the previously saved file (mac-address in this case will remain standard):

import wifibackup.rsc

Done.

Limiting access to management of Huawei SmartAX MA5600

For example, to allow to connect to the Huawei SmartAX MA5600 series via telnet only to the specified IP address ranges 192.168.0.100-192.168.0.254 and 172.16.24.1-172.16.24.50 we will connect to the device and go into the configuration mode:

enable
config

And execute the following commands (for non-specified IP access is immediately prohibited):

sysman ip-access telnet 192.168.0.100 192.168.0.254
sysman ip-access telnet 172.16.24.1 172.16.24.50
sysman firewall telnet enable

Similarly for SSH:

sysman ip-access ssh 192.168.0.100 192.168.0.254
sysman firewall ssh enable

And SNMP for example for one IP:

sysman ip-access snmp 192.168.0.100 192.168.0.100
sysman firewall snmp enable

To deny access to the specified subnet, we specify ip-refuse instead of ip-access, for example:

sysman ip-refuse telnet 192.168.1.200 192.168.1.220
sysman firewall telnet enable

On the test, I performed the settings for Huawei SmartAX MA5683T, they are essentially the same for the entire MA5600 series.

Solution of VirtualBox error “Kernel driver not installed (rc=-1908)”

I noticed somehow an error in VirtualBox working on Linux Ubuntu Desktop 16.04:

Kernel driver not installed (rc=-1908)
The VirtualBox Linux kernel driver (vboxdrv) is either not loaded or there is a permission problem with /dev/vboxdrv. Please install virtualbox-dkms package and load the kernel module by executing
‘modprobe vboxdrv’
as root. If it is available in your distribution, you should install the DKMS package first. This package keeps track of Linux kernel changes and recompiles the vboxdrv kernel module if necessary.
where: suplibOsInit what: 3 VERR_VM_DRIVER_NOT_INSTALLED (-1908) – The support driver is not installed. On linux, open returned ENOENT.

To solve the problem it was necessary to disable the secure boot in the BIOS, in my case “Windows UEFI” was selected, changed to “Other OS”.
Then, after running the system, executed the command from the root user:

modprobe vboxdrv

In Ubuntu, you can switch to root as follows:

sudo -i

Done, the error is solved.

Adding SIP clients to Asterisk

SIP clients in Asterisk are specified in the sip.conf file, so open it for example in the nano text editor (Ctrl+X to exit the editor, y or n to save or discard changes):

sudo nano /etc/asterisk/sip.conf

First we specify the following parameter, forbidding anonymous calls:

allowguest=no

Now at the very end of the file, add the client:

[6000]
type=friend
secret=PASSWORD
nat=no
host=dynamic
dtmfmode=rfc2833
disallow=all
allow=ulaw
context=sip-dialout
callerid=6000
deny=0.0.0.0/0
permit=192.168.0.10/32

Briefly describe the parameters that I indicated:
type – type of client, can be user (authentication by password), peer (identification by host address), fried (either by password or by host).
secret – user password.
nat=no – indicates that the client may be behind NAT, see my article about this – Solution to the Asterisk problem – no sound when calling via NAT.
host=dynamic – there is no client binding to the host address.
dtmfmode=rfc2833 – method of transmitting dtmf dialing tones.
disallow=all – ban all codecs.
allow=ulaw – Let’s solve only the ulaw codec.
context=sip-dialout — the name of the dialplan (it is described in extensions.conf)
callerid=6000 – customer’s internal phone number.
deny=0.0.0.0/0 – we forbid connection from all IP addresses.
permit=192.168.0.10/32 – we only allow connection from the specified IP address.

After adding the client, we will connect to Asterisk and update the sip configuration:

sudo asterisk -r
sip reload

To see the list of clients you can use the command:

sip show users

To exit the Asterisk console, type:

quit

Now it is already possible to connect the added client to the Asterisk server using for example the X-Lite, Zoiper or VoIP phone program, but there is nowhere to call, so we will add the second client to sip.conf for the test:

[6001]
type=friend
secret=PASSWORD
nat=no
host=dynamic 
dtmfmode=rfc2833
disallow=all
allow=ulaw
context=sip-dialout
callerid=6001
deny=0.0.0.0/0
permit=192.168.0.10/32

Open the extensions.conf file in the editor:

sudo nano /etc/asterisk/extensions.conf

And we will indicate the following lines at the end of it, so that users can call each other:

[sip-dialout]
exten => 6000,1,Dial(SIP/6000)
exten => 6001,1,Dial(SIP/6001)

Restart Asterisk to apply the changes:

sudo service asterisk restart

Done, we added two users and they can call each other.

See also:
Adding a SIP client to FreePBX

Adding a SIP client to FreePBX

To add a SIP client to FreePBX, open the menu “Applications” – “Extensions“, choose for example “Generic CHAN SIP Device” and we indicate the main parameters:

User Extension: 6000 (SIP number)
Display Name: Operator (any name to display)
Secret: PASSWORD
and click “Submit“.

Done, SIP is added, it can already be registered at the specified number and password.

How to add SIP in the configuration file I described in this article – Adding SIP clients to Asterisk

Solving the error “insserv: warning: script ‘script’ missing LSB tags and overrides”

I noticed once the following error:

insserv: warning: script ‘MyScript.sh’ missing LSB tags and overrides

It appears because someone wrote the /etc/init.d/MyScript.sh script before writing the LSB tags first.

To fix this, I opened the script code in a text editor (in the editor nano Ctrl+X to exit, y/n to save or cancel changes):

sudo nano /etc/init.d/MyScript.sh

And added in the beginning:

### BEGIN INIT INFO
# Provides:          MyScript
# Required-Start:
# Required-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:      1 0 6
# Short-Description: ...
# Description: ...
### END INIT INFO

See also:
Run application at startup in Ubuntu

Configuring email notifications in Zabbix via iRedMail

On the test I will use Zabbix 3.0.3 and iRedMail 0.9.4 installed in Ubuntu Server 14.04.4 LTS.

First, in the Zabbix panel, activate the action by opening the tab “Configuration” – “Actions” and activate “Report problems to Zabbix administrators“. In it I also, to see the names of the hosts, changed both topics of the letter with:

{TRIGGER.STATUS}: {TRIGGER.NAME}

on

{TRIGGER.STATUS}: {HOST.NAME1} {TRIGGER.NAME}

In Zabbix, the email notification method was initially added, but depending on the settings of the mail server it can work or not work. You can find it by going to Zabbix under the administrator and opening the tab “Administration” – “Media types” – “Email“.

When configuring with iRedMail, I specified the following parameters:

Name: Email
Type: Email
SMTP server: mail.example.com
SMTP server port: 25
SMTP helo: example.com
SMTP email: user@example.com
Connection security: STARTTLS
Checkboxes for “SSL verify peer” and “SSL verify host” did not put
Authentication: Username and password
Username: user@example.com
Password: PASSWORD
check for “Enabled”

If the mail server is in the same system as the Zabbix server, you can try to configure both the above, but where “Connection security” and “Authentication” select “None”.

Also in the user profile, in the tab “Media” need to add:

Type: Email
Send to: mail for notifications
When active: time when it is allowed to be alerted
Use if severity: what importance of notification to send
check for “Enabled”

Done.